You've never actually been anywhere that it snows, have you?
Do you honestly think the millions of people in Minneapolis, Chicago, Buffalo all use tire chains? Roads would have to be replaced completely every year.
Er, here in Chicago, they pretty much do. Or they should.
What? I live in Chicago (born and raised).. actually, just outside the city limits and not only have I *never* seen anyone with chains on their tires, I'm pretty sure it's illegal to use chains on public roads. Road repair is bad enough in the area without all the damage chains would add.
Then, once your tinfoil hat is secured in place, you can begin the tedious process of upgrading to covering your ceiling and walls with tinfoil.
LIES!!! User johndmartiniii (obviously an alias) wants us to use tinfoil as a signal blocker. Fortunately I have found a copy of the study on tinfoil the Reptoid scientific community tried to bury. It's On the Effectiveness of Aluminium Foil Helmets: An Empirical Study
Among a fringe community of paranoids, aluminum helmets serve as the protective measure of choice against invasive radio signals. We investigate the efficacy of three aluminum helmet designs on a sample group of four individuals. Using a $250,000 network analyser, we find that although on average all helmets attenuate invasive radio frequencies in either directions (either emanating from an outside source, or emanating from the cranium of the subject), certain frequencies are in fact greatly amplified. These amplified frequencies coincide with radio bands reserved for government use according to the Federal Communication Commission (FCC). Statistical evidence suggests the use of helmets may in fact enhance the government's invasive abilities. We speculate that the government may in fact have started the helmet craze for this reason.
(emphasis mine)
Nice try johndmartiniii. Now know the brutality of your masters, the Reptoid Illuminati, as you are rendered into their protein vats after they discover the failure of your misinformation campaign.
Dude, did you just tell one of the guys who discovered this issue to *not* post links to his blog which may contain relevant information? I mean I'd understand if his blog had a ton of advertisements or something. But it's pretty much just blog entries and that's it.
No, it's an IFRAME issue. A hidden IFRAME is created *under* the main page. Any click you make will also fall to the IFRAME under the main page. It appears JavaScript makes it easier but it's not necessary. I think this sounds like a DHTML problem (as in either the protocol or how it's rendered)
At least that's what I understand from the "how to stop this with NoScript" link in TFA. Basically if you turn off all IFRAMES in NoScript you can't get pwned.
But... the superego is the only thing between acting civilized and being a slave to my id. What you propose would lead to a world of people living only to sate the basest of desires. Kind of like Los Angeles.
You'd have to be pretty crazy and/or desperate to risk using the provided bandwidth at DefCon (or any hacker con) for that matter. Regardless of how much faith you may have in the people running the network, you're surrounded on all sides by people who would like nothing more than to steal your information. While at DefCon, stay away from the ATMs and if at all possible stay away from the network entirely.
Dude, what? I was there and as long as you use OpenVPN back to your home box and proxy everything through your cable modem you're going to be OK. Or create a SOCKS proxy using a ssh tunnel back to your home connection.
Yeah, stay away from the ATMs because you will get raped by the fees. Or are you trying to say that someone will put a magstripe and PIN harvester on the machines. As if. Not only was security seriously stepped up compared to the last two years, the casinos have cameras that do nothing but monitor the ATMs precisely to stop this (I chatted up one of the security suits this year).
Breathe easy and just be aware of what kind of traffic is leaving and entering your system.
Did you even go this year? If you did, I bet you were the one cowering in the corner removing the batteries from all your devices "just in case".
During the first three years of Fox's government, the official number of reported kidnappings showed a slight decrease, from 505 in 2001 to 438 in 2003. The new Federal Investigation Agency (Procuraduria de Justicia) reported dismantling 48 kidnapping rings and saving 419 victims.
Now those aren't recent numbers (about 4 years back). But still even if they reduced them to 300/yr since then (which I think would be miraculous) a 40% increase would mean an avg of over 1 person per day.
I remember seeing a documentary on personal armored vehicles (think a Navigator with about a ton of armor and ballistic glass). They said that the number one money maker for criminals in Mexico City was kidnapping. The armorers said that next to the Middle East, their top market was Mexico City specifically because of all the kidnappings.
I was pretty sure this part of the 5th amendment is explicitly stating a right against self-incrimination:
...nor shall be compelled in any criminal case to be a witness against himself...
However, on reflection, I have to say you probably have the correct distillation of what that means. Because criminals incriminate themselves all the time. Fingerprints, DNA, fiber traces...
For example Finder doesn't distinguish between files and folders.
Really? So in Finder, View->Keep Arranged By->Kind doesn't work for you? How strange. I'm sure Google was broken that day, I just checked and it's in the first link.
You can also make the change permanent and global in View->Show View Options and setting the drop down of Arrange By to Kind and then clicking Use as Defaults.
Because they are new to the cryptography game and don't have the computing resources of many other countries.
Well, these days raw computing power is only one way of breaking crypto. In fact, I'd say that it would be the tool of last resort. Much more common is looking for mathematical flaws in the algorithms. And when it comes to raw talent in mathematics, I'd put China up there at the top of the heap with the NSA.
Remember that Chinese researchers are the ones that discovered collision weaknesses in MD5 and SHA-1, and then found a computationally low (relatively speaking) method of creating arbitrary collisions with those same algorithms. Yes, they were "just" hash algorithms, but they need to be just as robust as symmetric crypto algorithms. So if there *is* a weakness in AES, I would be willing to bet that the Chinese already know it. (I'm not saying there is, AES should do the job fine over there).
Except for that whole non-compliance thing with OpenDNS. NX DOMAIN responses are hijacked.
That being said, I did tell my parents to use them as an interim fix until Bellsouth got their shit together. So for a short term fix, I've been telling people to use them. But as a long term fix, it's just validating their breaking of the DNS RFC just like VeriSign (Network Solutions?) tried to do. And we remember how well everyone reacted to that kerfuffle.
The way I understood it is that by specifying an "Additional" RR packaged with the bogus Response RR. Once I finally get through with xxffgg.bankofamerica.com, I also get my "Additional" RR processed, which in this case would be to point www.bankofamerica.com to my own server. Since I have remained within the bailiwick of bankofamerica.com, the change is accepted without reservation and poisons the cache (with an abnormally large TTL). Legitimate requests for www.bankofamerica.com would not go to the authoritative server until the TTL expired. It's actually kind of clever. It actually uses the original bailiwick fix against itself. Of course with a *much* better RNG and random source ports, this attack becomes much more difficult. With DNSSEC it becomes damn near impossible.
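Added example, not part of the comment above or of any resolver's code: a small Python model of the resolver-side checks the comment describes, showing that a bailiwick test alone still caches an in-zone "Additional" record, and how much guess space a random source port adds to the 16-bit transaction ID. The function names, the example.com names, the addresses and the port-pool size are assumptions constructed for illustration.

```python
import math

def in_bailiwick(name, zone):
    """True when name is the zone apex or a descendant of it (label-wise match)."""
    n = name.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(n) >= len(z) and n[-len(z):] == z

def cacheable_records(pending, resp, zone):
    """Records a bailiwick-only resolver model would cache from resp."""
    # The response must match the outstanding query: transaction ID and port.
    if (resp["txid"], resp["dst_port"]) != (pending["txid"], pending["src_port"]):
        return []
    if resp["qname"].lower() != pending["qname"].lower():
        return []
    # Bailiwick filter: in-zone records pass, even ones that were never asked for.
    records = resp["answer"] + resp["additional"]
    return [rr for rr in records if in_bailiwick(rr["name"], zone)]

def entropy_bits(port_pool, txid_bits=16):
    """Bits an off-path sender must guess: transaction ID plus source-port choice."""
    return txid_bits + math.log2(port_pool)

def blind_guesses_for_even_odds(bits):
    """Number of independent random guesses needed for a 50% chance of one match."""
    return math.ceil(math.log(0.5) / math.log1p(-1.0 / 2 ** bits))

# Constructed sample: a query for a random in-zone name sent from a fixed port,
# and a response whose Additional section carries records that were not asked for.
PENDING = {"txid": 0x3A7C, "src_port": 53, "qname": "xxffgg.example.com"}
RESPONSE = {
    "txid": 0x3A7C, "dst_port": 53, "qname": "xxffgg.example.com",
    "answer": [{"name": "xxffgg.example.com", "data": "192.0.2.10", "ttl": 60}],
    "additional": [
        {"name": "www.example.com", "data": "203.0.113.66", "ttl": 604800},
        {"name": "www.example.net", "data": "203.0.113.66", "ttl": 604800},
    ],
}

if __name__ == "__main__":
    for rr in cacheable_records(PENDING, RESPONSE, "example.com"):
        print("cached:", rr["name"], rr["data"], "ttl", rr["ttl"])
    for pool in (1, 64512):  # fixed port vs. an assumed randomized ephemeral range
        bits = entropy_bits(pool)
        print(f"ports={pool}: {bits:.1f} bits, "
              f"{blind_guesses_for_even_odds(bits)} guesses for even odds")
```

The in-zone `www.example.com` record survives the filter while `www.example.net` is dropped, so the added guess space from port randomization is what raises the cost, as the comment says; DNSSEC validation is outside this model.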
I still have it in my RSS reader. I sent the others in my security group the link referenced in the feed, but it ended up with a 404 page. I thought it was a blip on their server, but now I see they retracted the post. It's a bit late for that, as I'm sure I'm not the only one who subscribes to their blog.
Just another example of how you can't erase knowledge once it's been disseminated.
BTW, the method of attack really is quite clever. And pretty trivial.
Ah, yes. We call him Little Bobby Tables...
Ah... yes :) I got confused there and thought you were talking about chains.
Chicago, land of the two seasons: Winter and Road Construction.
Weird.
To the death or will first blood satisfy the honor of these OS's? And do the cellphone and PDA act as seconds?
er... eloped after college. They *met* in high school.
Try reading the parent comment to his. He is specifically responding to that one, not the article in general.
With the speeds involved I think it's safe to say it will exist as a thin film of... cat. 27km long.
Where? Where?
In case you missed his comment, my emphasis on the quote, I'll point the word out to you:
differences
That word is analogous to "not the same" which was supported by his example of guitar prices.
It is *all* over the place now. Just Google it. You'll find it pretty quickly.
Did you really mean to use "poser"?
a person who poses for a photographer or painter or sculptor
or did you want to use this word?
poseur
I'm not sure about that. I think as a Federal Corp, they have a mandate to be entirely self-funded.
Did you just have a flame war with yourself?
I don't know whether to applaud or silently edge away from you making no sudden moves.